General

  • Target

    aae17367d2a7ff458386681568f02970838def766f1a6a60babd454fabb63885

  • Size

    2.9MB

  • Sample

    240429-bat55add72

  • MD5

    a4a1223a577a7f60f10d4754994a59a0

  • SHA1

    607bb9e344ff1cd5b6cb2e6a1f5d03948797b413

  • SHA256

    aae17367d2a7ff458386681568f02970838def766f1a6a60babd454fabb63885

  • SHA512

    1f2091d7e931724e79ae7973308508c11bb8ca2d1dc26964ff2334f5033c6582a470d5c771f4d64c9694338be7522065a756c6088d6c0866c7ec97e367162c7a

  • SSDEEP

    24576:bTO7AsmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHt:bTO7Asmw4gxeOw46fUbNecCCFbNecA

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      Warzone RAT (also tracked as AveMaria) is a native C++ RAT with multiple plugins, sold as malware-as-a-service (MaaS).

    • Detects executables packed with ASPack

    • Warzone RAT payload

    • Modifies Installed Components in the registry

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext (a Win32 API commonly used for process hollowing and other thread-hijacking injection)
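
The signatures above name concrete host artifacts: Winlogon values, Explorer hidden-file settings, Active Setup Installed Components, Run keys and a Startup-folder drop. The following is an added example, not code from the sandbox report or from the Warzone RAT authors: a read-only PowerShell sweep of exactly those locations on a Windows host. The stock defaults for the Winlogon Shell and Userinit values and the "user-writable path" heuristic are assumptions for a standard Windows 10/11 install; adjust them to your own baseline. Run from an elevated prompt so HKLM is fully readable.

```powershell
# Added example (not part of the sandbox report): read-only hunt for the
# persistence and Explorer-setting artifacts listed in the signatures above.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Where, [string]$Name, $Value, [string]$Why) {
    $findings.Add([pscustomobject]@{ Location = $Where; Name = $Name; Value = "$Value"; Reason = $Why })
}
function Test-SuspiciousPath([string]$p) {
    # Heuristic (assumption): dropped EXEs usually live in user-writable directories.
    return $p -match '(?i)\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\'
}

# 1. Winlogon Shell / Userinit ("Modifies WinLogon for persistence").
#    Defaults below are assumed for a stock Windows 10/11 install.
$defaults = @{ Shell = 'explorer.exe'; Userinit = 'C:\Windows\system32\userinit.exe,' }
foreach ($hive in 'HKLM', 'HKCU') {
    $key = "${hive}:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in $defaults.Keys) {
        $v = $props.$name
        if ($null -ne $v -and "$v".Trim() -ine $defaults[$name]) {
            Add-Finding $key $name $v 'Winlogon value is not the stock default'
        }
    }
}

# 2. Explorer hidden/system-file visibility ("Modifies visibility of hidden/system files").
#    Hidden=2 and ShowSuperHidden=0 conceal files; both are also the stock defaults,
#    so this line is informational and must be compared with the host's baseline.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$a = Get-ItemProperty -Path $adv -ErrorAction SilentlyContinue
if ($a -and ($a.Hidden -eq 2 -or $a.ShowSuperHidden -eq 0)) {
    Add-Finding $adv 'Hidden/ShowSuperHidden' "$($a.Hidden)/$($a.ShowSuperHidden)" 'Hidden or protected OS files are concealed; verify against baseline'
}

# 3. Active Setup StubPath ("Modifies Installed Components in the registry").
$activeSetup = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components',
    'HKCU:\SOFTWARE\Microsoft\Active Setup\Installed Components'
)
foreach ($base in $activeSetup) {
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $stub = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).StubPath
        if ($stub -and (Test-SuspiciousPath "$stub")) {
            Add-Finding $_.PSPath 'StubPath' $stub 'Active Setup stub runs from a user-writable path'
        }
    }
}

# 4. Run / RunOnce ("Adds Run key to start application").
$runKeys = foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($sub in 'Run', 'RunOnce') { "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\$sub" }
}
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath/... provider metadata
        if (Test-SuspiciousPath "$($p.Value)") {
            Add-Finding $key $p.Name $p.Value 'Run entry launches from a user-writable path'
        }
    }
}

# 5. Startup folders ("Drops startup file"): list every file except desktop.ini.
foreach ($folder in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
    Get-ChildItem -Path $folder -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object { Add-Finding $folder $_.Name $_.LastWriteTime 'File present in a Startup folder' }
}

# Optional: confirm a retrieved file is the sample this report describes (SHA256 from the report).
function Test-ReportSample([string]$Path) {
    $expected = 'aae17367d2a7ff458386681568f02970838def766f1a6a60babd454fabb63885'
    return (Get-FileHash -Path $Path -Algorithm SHA256).Hash -ieq $expected
}

$findings | Format-Table -AutoSize -Wrap
```

The script only reads the registry and file system, so it is safe to run on a live host; the Explorer check in step 2 reports the concealing values even though they are defaults, because the signature is about the sample writing them, and only a comparison with a known-good baseline (or registry key timestamps from a forensic image) tells you whether they were touched. Process-hollowing via SetThreadContext leaves no registry trace and is better hunted with memory or API-call telemetry, which is outside the scope of this sweep.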
